Log4j

Microsoft Sentinel Launches New Log4j Vulnerability Solution In Public Preview

Microsoft has announced some important updates for Microsoft Sentinel, its scalable cloud-native SIEM tool that provides AI-powered security analytics in enterprise environments. The Redmond giant has launched a new solution in public preview that should help IT Admins to detect Apache Log4j vulnerabilities. Last week, Microsoft acknowledged the emergence of an Apache Log4j vulnerability (CVE-2021-44228)...

Last Update: Feb 02, 2023

LATEST

Security – 4

DHS Review Board Warns Log4j Flaw to Affect Vulnerable Systems Until At Least 2032

The US Department of Homeland Security has issued a security advisory about the risks associated with Log4j vulnerabilities. The DHS’ Cyber Safety Review Board (CSRB) warned that the security flaw is expected to affect federal agencies and organizations until at least 2032. For those unfamiliar, Apache Log4j is a popular open-source Java-based logging framework. It…

View Article
AWS (Amazon Web Services)

AWS Confirms Log4j Hotpatch Fix Leads to Privilege Escalation

Back in December, Amazon released emergency fixes to address the Log4j vulnerability in JVMs across multiple environments, but it looks like these updates still left some security loopholes. Since Amazon published the fixes, security researchers have discovered that the original hot patch left AWS customers vulnerable to container escape and privilege escalation bugs (via The…

View Article